I have an requirement for security for WESB webservices: Authentication and Authorization. In authentication step, the client is authorized using digital certificate. Hence I have configured policy set and policy set binding and attached to the service. It works fine. The second step is to authorize the requester. For authorizing, I have to extract the CN from incoming request certificate and check if the user is allowed to perform the requested operation.
I am not sure if I can extract the identity from incoming certificate. Hence I wanted to know if it is possible. If so, can you provide me some hints.